cx-alerts
Alert Management Skill
Use this skill to list, inspect, create, enable, and disable Coralogix alert definitions using the `cx alerts` CLI commands.
CLI Commands
| Command | Purpose | Key flags |
|---|---|---|
| List all alert definitions | |
| Get a single alert definition by ID | - |
| Create an alert from a JSON definition | |
| Enable an alert | - |
| Disable an alert | - |
| List alert trigger events | |
| Get alert event statistics | - |
| List suppression rules | - |
| Get a suppression rule | - |
| Create a suppression rule | |
| Update a suppression rule | |
| Delete a suppression rule | - |
Output format: append `-o json` or `-o agents` to `list`, `get`, and `create` commands for machine-readable output.
Multi-profile: use `-p <profile>` (repeatable) to target multiple profiles simultaneously.
Alert Types Reference
Coralogix supports 12 alert types:
| Type enum | Human name | Description |
|---|---|---|
| Logs Immediate | Trigger on every matching log entry |
| Logs Threshold | Trigger when log count exceeds a threshold in a time window |
| Logs Anomaly | ML-based anomaly detection on log volume |
| Logs Ratio Threshold | Trigger on ratio between two log queries |
| Logs New Value | Trigger when a new value appears in a field |
| Logs Unique Count | Trigger on unique value count threshold |
| Logs Time Relative | Compare current vs past time window |
| Metric Threshold | Trigger when a PromQL expression crosses a threshold |
| Metric Anomaly | ML-based anomaly detection on metrics |
| Tracing Immediate | Trigger on every matching span |
| Tracing Threshold | Trigger when span count exceeds a threshold |
| Flow | Sequence-based alert combining multiple conditions |
Priority Levels
Always ask the user what priority to use when creating alerts:
| Priority | Use case |
|---|---|
| P1 | Critical - pages on-call immediately |
| P2 | High - needs attention within the hour |
| P3 | Medium - investigate during business hours |
| P4 | Low - informational, check when convenient |
| P5 | Info - logging/tracking only |
Create Workflow
- Ask the user what they want to alert on (logs, metrics, traces)
- Ask for priority (P1–P5)
- Build the JSON payload with `alertDefProperties` - use the API wire format (see `references/alert-schemas.md` for all enum values)
- Tip: use `cx alerts get <existing-id> -o json` to get a working template, modify it, and pipe into create
- Create using: `echo '<json>' | cx alerts create` or `cx alerts create --from-file alert.json`
- Verify with `cx alerts list --name "<alert name>"`
Important structural note: The `type` field is a string enum (e.g. `"ALERT_DEF_TYPE_LOGS_THRESHOLD"`), and the alert type config (e.g. `"logsThreshold": {...}`) is a sibling field at the same level - NOT nested inside `type`.
Example: Logs Threshold Alert
```json
{
  "alertDefProperties": {
    "name": "High Error Rate",
    "description": "Alert when error logs exceed threshold",
    "priority": "ALERT_DEF_PRIORITY_P2",
    "type": "ALERT_DEF_TYPE_LOGS_THRESHOLD",
    "enabled": true,
    "logsThreshold": {
      "logsFilter": {
        "simpleFilter": {
          "luceneQuery": "severity:ERROR",
          "labelFilters": {
            "applicationName": [
              { "operation": "LOG_FILTER_OPERATION_TYPE_IS_OR_UNSPECIFIED", "value": "my-app" }
            ]
          }
        }
      },
      "rules": [{
        "condition": {
          "conditionType": "LOGS_THRESHOLD_CONDITION_TYPE_MORE_THAN_OR_UNSPECIFIED",
          "threshold": 100,
          "timeWindow": {
            "logsTimeWindowSpecificValue": "LOGS_TIME_WINDOW_VALUE_MINUTES_5_OR_UNSPECIFIED"
          }
        }
      }]
    }
  }
}
```
Example: Metric Threshold Alert
```json
{
  "alertDefProperties": {
    "name": "CPU Usage Critical",
    "priority": "ALERT_DEF_PRIORITY_P1",
    "type": "ALERT_DEF_TYPE_METRIC_THRESHOLD",
    "enabled": true,
    "metricThreshold": {
      "metricFilter": { "promql": "avg(cpu_usage_percent)" },
      "rules": [{
        "condition": {
          "conditionType": "METRIC_THRESHOLD_CONDITION_TYPE_MORE_THAN_OR_UNSPECIFIED",
          "threshold": 90,
          "ofTheLast": { "dynamicDuration": "5m" },
          "forOverPct": 100
        }
      }]
    }
  }
}
```
Example: Logs Immediate Alert
```json
{
  "alertDefProperties": {
    "name": "OOM Killer Detected",
    "description": "Alert immediately when OOM killer runs",
    "priority": "ALERT_DEF_PRIORITY_P1",
    "type": "ALERT_DEF_TYPE_LOGS_IMMEDIATE_OR_UNSPECIFIED",
    "enabled": true,
    "logsImmediate": {
      "logsFilter": {
        "simpleFilter": {
          "luceneQuery": "\"Out of memory\" OR \"OOM\"",
          "labelFilters": {}
        }
      }
    }
  }
}
```
Investigation Workflow
Find firing alerts
```bash
# List all alerts and look for ALERTING status
cx alerts list -o json | jq '.[] | select(.status == "ALERTING")'

# Filter by name
cx alerts list --name "error"
```
Inspect a specific alert
```bash
cx alerts get <alert-id>
cx alerts get <alert-id> -o json
```
Disable a noisy alert (temporary mute)
```bash
cx alerts disable <alert-id>

# Later, re-enable:
cx alerts enable <alert-id>
```
Suppression Rules
Manage alert suppression rules that mute alerts during maintenance windows or known noisy periods.
| Command | Purpose |
|---|---|
| List all suppression rules |
| Get a suppression rule by ID |
| Create a suppression rule |
| Update a suppression rule |
| Delete a suppression rule |
```bash
# List suppression rules
cx alerts suppression-rules list -o json

# Create from template
cx alerts suppression-rules get <existing-id> -o json > suppression-rule.json
# Edit suppression-rule.json
cx alerts suppression-rules create --from-file suppression-rule.json
```
Key Principles
- Always ask for priority (P1–P5) when creating alerts - never assume
- Use `--name` filter for large accounts with many alerts
- Use `-o json` with `jq` for filtering and transformation
- Use `--from-file -` to pipe JSON from stdin when constructing alerts programmatically
- Verify after create - always list or get the alert after creation to confirm
- Disable, don't delete - prefer disabling alerts over deletion for auditability
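A pre-flight check for payloads built programmatically, covering the structural note in Create Workflow (string `type` enum with the type config as a sibling) and the priority rule. This is an added example, not part of the skill or of Coralogix's tooling: `lint_alert` and `TYPE_TO_CONFIG` are hypothetical names, the type map covers only the three pairs shown in this page's examples, and the priority pattern assumes every priority enum starts with the `ALERT_DEF_PRIORITY_P<n>` prefix seen in them.

```python
import json
import re

# Type enum -> sibling config key; only the three pairs shown on this page
TYPE_TO_CONFIG = {
    "ALERT_DEF_TYPE_LOGS_THRESHOLD": "logsThreshold",
    "ALERT_DEF_TYPE_METRIC_THRESHOLD": "metricThreshold",
    "ALERT_DEF_TYPE_LOGS_IMMEDIATE_OR_UNSPECIFIED": "logsImmediate",
}
# Assumption: priority enums share the prefix used in the page's examples
PRIORITY_RE = re.compile(r"^ALERT_DEF_PRIORITY_P[1-5](_|$)")

def lint_alert(payload_text):
    """Return a list of problems; an empty list means the shape looks right."""
    try:
        doc = json.loads(payload_text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    props = doc.get("alertDefProperties") if isinstance(doc, dict) else None
    if not isinstance(props, dict):
        return ["missing top-level alertDefProperties object"]
    problems = []
    prio = props.get("priority")
    if not isinstance(prio, str) or not PRIORITY_RE.match(prio):
        problems.append("priority missing or not P1-P5: ask the user, never assume")
    atype = props.get("type")
    if isinstance(atype, dict):
        # The mistake the structural note warns about: config nested under type
        problems.append("type must be a string enum, not an object holding the config")
    elif not isinstance(atype, str) or atype not in TYPE_TO_CONFIG:
        problems.append(f"type {atype!r} not covered by this lint")
    else:
        wanted = TYPE_TO_CONFIG[atype]
        if not isinstance(props.get(wanted), dict):
            problems.append(f"{wanted} must be a sibling object of type")
        for other in sorted(set(TYPE_TO_CONFIG.values()) - {wanted}):
            if other in props:
                problems.append(f"{other} does not match type {atype}")
    return problems

# Constructed payloads: NESTED puts the config inside type, GOOD is well formed
NESTED = '{"alertDefProperties": {"name": "x", "priority": "ALERT_DEF_PRIORITY_P2", "type": {"logsThreshold": {}}}}'
GOOD = json.dumps({"alertDefProperties": {
    "name": "High Error Rate", "priority": "ALERT_DEF_PRIORITY_P2",
    "type": "ALERT_DEF_TYPE_LOGS_THRESHOLD", "logsThreshold": {"rules": []}}})

if __name__ == "__main__":
    for label, text in (("nested", NESTED), ("good", GOOD)):
        print(label, lint_alert(text) or "ok")
```

Run the lint on the payload first and pipe it to `cx alerts create --from-file -` only when the returned list is empty.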
Additional Resources
Reference Files
- `references/alert-schemas.md` - Complete JSON schema reference for all 12 alert types: field names, enum values (condition types, time windows, filter operations), common sub-objects (logs filter, tracing filter, notification groups, activity schedules), and important gotchas
Related Skills
- `cx-incident-management` - incident triage workflows that involve alerts, SLO monitoring, and notification verification
- `cx-observability-setup` - setting up notification routing and webhook integrations for alerts
- `cx-telemetry-querying` - gateway for deciding which telemetry pillar to query